Wireless Security Assessment
Digital Integrity Solutions will implement a Wireless Security Assessment, which ensures that the WLAN complies with effective security policies. For most situations, this is necessary whether or not the network implements effective security mechanisms. Don't put too much trust in the design of a system. It's best to run tests to be certain that the network is hardened enough to guard against unauthorized persons attacking company resources.
Regular, periodic security reviews ensure that changes to the WLAN don't make the system vulnerable to hackers. A review once each year may suffice for low risk networks, but a review each quarter or more often may be necessary if the network supports high risk information (e.g., financial data, postal mail routing, manufacturing control functions, etc.).
Our Wireless Security Assessment include:
A review of existing security policies. This provides a benchmark for determining whether or not a company is complying with its policies and determines whether the policy leaves any room for a hacker (e.g., a disgruntled employee) to access or harm company resources. The policy should describe adequate encryption and authentication mechanisms, keeping in mind that 802.11 WEP is broken. Also, the policy should mandate that all employees coordinate with the company's information systems organization before purchasing or installing wireless access points. It's very important that all access points have configuration settings that comply with the policies and provide the proper level of security.
A review of the system architecture and configurations. We will meet with all stakeholders and read through related documentation to gain an understanding of the system's architecture and configurations of access points. This will determine whether there are any design flaws that provide weaknesses that could allow a hacker inside the system.
A review of operational support tools and procedures. Some security weaknesses materialize when a company supports a WLAN. As a result, we need to learn as much as possible about existing support tools and procedures to spot potential issues. Most companies, for example, configure the access points over the wired Ethernet backbone. With this process, the passwords sent to open a connection with a particular access points is sent in the clear (i.e., unencrypted) over the wired network. As a result, a hacker with monitoring equipment hooked to the Ethernet network can likely capture the passwords and reconfigure the access point.
We will verify configurations of wireless devices. A portion of the security policy should define appropriate access point configurations that will offer an applicable level of security. As part of the assessment, we walk through the facilities having access points and use tools such as AirMagnet or AiroPeek to capture the access point configurations. This is to determine which security mechanisms are actually in use and whether or not they comply with effective policies.
We will investigate physical installations of access points by noting their physical accessibility, antenna type and orientation, and radio wave propagation into portions of the facility that don't have physical security controls. The access points should be mounted in a position that would make it difficult for someone to go unnoticed and physically handle the access point.
We will identify rogue access points. A problem that's difficult to enforce and significantly undercuts the security of the wireless LAN is when an employee installs a "personal" access point in their office. Most of the time, these installations don't comply with security policies and result in an open, non-secure entry port to the corporate network. In fact, a hacker can utilize sniffing tools to alert them when such an opportunity exists.
We will perform penetration tests. In addition to hunting for rogue access points, try going a step further and attempt to access corporate resources using tools common tools available to hackers. For instance, we utilize AirSnort in an attempt to crack through WEP.
We will analyze security gaps. The information we gather during the assessment provides a basis for understanding the security posture of your company or organization. After collecting information in the above steps, we recommend improvements. As we spot weaknesses in the security of the wireless LAN, research and describe methods that will counter the issues. We start by recommending improvements to the policies, which dictate what the company requires in terms of security for the wireless LANs. This provides a basis for defining technical and procedural solutions that will strengthen the security of the system to a level that protects the company's interests.
|
